Research Article
RICB: Integer Overflow Vulnerability Dynamic Analysis via Buffer Overflow
788 downloads
@INPROCEEDINGS{10.1007/978-3-642-23602-0_9, author={Yong Wang and Dawu Gu and Jianping Xu and Mi Wen and Liwen Deng}, title={RICB: Integer Overflow Vulnerability Dynamic Analysis via Buffer Overflow}, proceedings={Forensics in Telecommunications, Information, and Multimedia. Third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, Revised Selected Papers}, proceedings_a={E-FORENSICS}, year={2012}, month={10}, keywords={Integer Overflow Format String Overflow Buffer Overflow}, doi={10.1007/978-3-642-23602-0_9} }- Yong Wang
Dawu Gu
Jianping Xu
Mi Wen
Liwen Deng
Year: 2012
RICB: Integer Overflow Vulnerability Dynamic Analysis via Buffer Overflow
E-FORENSICS
Springer
DOI: 10.1007/978-3-642-23602-0_9
Abstract
Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis methods RICB (Run-time Integer Checking via Buffer overflow). Our approach includes decompile execute file to assembly language; debug the execute file step into and step out; locate the overflow points and checking buffer overflow caused by integer overflow. We have implemented our approach in three buffer overflow types: format string overflow, stack overflow and heap overflow. Experiments results show that our approach is effective and efficient. We have detected more than 5 known integer overflow vulnerabilities via buffer overflow.
Copyright © 2010–2024 ICST